<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
<%@page session="true" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>登录页面</title>
    <style>
        .error {
            padding: 15px;
            margin-bottom: 20px;
            border: 1px solid transparent;
            border-radius: 4px;
            color: #a94442;
            background-color: #f2dede;
            border-color: #ebccd1;
        }

        .msg {
            padding: 15px;
            margin-bottom: 20px;
            border: 1px solid transparent;
            border-radius: 4px;
            color: #31708f;
            background-color: #d9edf7;
            border-color: #bce8f1;
        }

        #login-box {
            width: 300px;
            padding: 20px;
            margin: 100px auto;
            background: #fff;
            -webkit-border-radius: 2px;
            -moz-border-radius: 2px;
            border: 1px solid #000;
        }
    </style>
</head>
<body onload='document.loginForm.username.focus();'>
    <h1>Spring Security Custom Login Form (XML)</h1>
    <div id="login-box">
        <h2>Login with Username and Password</h2>
        <c:if test="${not empty error}">
            <div class="error">${error}</div>
        </c:if>
        <c:if test="${not empty msg}">
            <div class="msg">${msg}</div>
        </c:if>
        <!--
            说明： form 中的 action的值 为 /login 为 security 登录验证密码的默认登录地址
            与 controller 中的 login 方法没有直接关系。
            spring security 3.x 默认的登录拦截URL是/j_spring_security_check,
            而spring security 4.x默认拦截的URL是/login
            spring security 3.x 默认的登出地址为 /j_spring_security_logout
            而spring security 4.x默认拦截的URL是/logout
            如果想要不同的action 值，需要在 securityConfig中配置 .loginProcessingUrl("/login.do")
            form表单就可以把 aciont="/login.do"了这样就对应起来了
            推荐使用security默认值
          -->
        <form name='loginForm'
              action="<c:url value='/login'/>" method='post'>
            <table>
                <tr>
                    <td>User:</td>
                    <td><input type='text' name='username' value=''></td>
                </tr>
                <tr>
                    <td>Password:</td>
                    <td><input type='password' name='password'/></td>
                </tr>
                <tr>
                    <td>Holder Me:</td>
                    <td><input type="checkbox" id="rememberme" name="remember-me"></td>
                </tr>
                <tr>
                    <td colspan='2'><input name="submit" type="submit"></td>
                </tr>
            </table>
            <%--<input type="hidden" name="${_csrf.parameterName}"--%>
                   <%--value="${_csrf.token}"/>--%>
        </form>
    </div>
</body>
</html>